Why SDMI Will Fail

Hounded by open formats like MP3 that encourage free copying of music, record companies have been praying for an escape: a high-quality, secure digital audio format that could be sold to consumers everywhere online and without a risk of piracy. Unsatisfied with proprietary solutions offered by Liquid Audio or AT&T, they have forged to create a new standard that would be ultimately secure and powerful. They dubbed this the Secure Digital Music Initiative, or SDMI. SDMI was hailed as the future savior of the record industry. This was a Bad Move.

Why? It does seem perfectly reasonable for record companies to desire a way to make sure their billions of dollars of assets are protected from thieves. The answers are not obvious. One, digital intellectual property, especially digital audio, is insecure by its nature. Two, a little bit more obviously, good standards take a long time to iron out in a committee of multinational corporations.

The first point is a purely technical one, but one that is so straightforward that I wonder at the sheer ignorance of those promoting secure standards. When a computer program, sayRealPlayer or WinAMP, wants to play some music for the user, they have to send that data in raw form to the sound card. It is a trivial manner to write a piece of software that pretends that it is a sound card! This software can then capture all of the music that was intended for the actual sound card and store it away. In this manner, it would be possible to render any secure music format insecure and copyable.

Mind you, I’m not out of my mind on this. GoodNoise is a new Internet-based record label that signs artists and promotes them online, selling some portion of their repertoire on their website. One strange thing about GoodNoise is that none of the songs on their website are encrypted. A cursory glance might allow you to dismiss this as naivite or stupidity. A closer look at the company will reveal the astonishing fact that the vast majority of those in charge of the company came from Pretty Good Privacy (PGP), one of the world’s leading encryption companies! In other words, the people who know most about how to encrypt data are just about the only people not pushing to encrypt music!

The blunt truth of it all is that the software industry learned this lesson 15 years ago the hard way. A number of companies were out there spending millions of dollars and tens of man-months to protect their software only to find it cracked weeks after release. Software companies tried fancy manuals, cryptography, dongles…the works! to no avail. Most of these schemes did not deter the hackers but proved annoying to valid customers. The crackers were just excited by the prospect of “a difficult crack” as it gave more prestige to the one who managed to break the program’s codes. Software companies eventually gave up and decided to spend their money and time on making good software products instead of protecting their intellectual property. Today, less than 1% of software has any significant form of copy protection on it.

A second and equally practical reason why SDMI is going to fail is that it will not be here fast enough. When I talked with the chairman of a certain, large record label today, he was expecting SDMI to be out and finalized before June. Boy, did I have news for him! From multiple inside sources, the work on SDMI is going amazingly slow: even slower than the meetings on DVD. The tech companies are despairing at the persistent (and often conflicting!) desires of the labels to have an efficient, convenient, and infinitely secure format specced, ironed out, tested, debugged, and implemented in a matter of a few months.

The fact of the matter is, MP3 is here now. Yes, it is not as high quality. Yes, it has a reputation for piracy and illegal copying. But you know what? Tens of millions of consumers are using it today. Excellent software infrastructure has been developed for creating and distributing MP3s in streaming and downloading formats. Portable MP3 players are popping up everywhere and more exciting hardware is just around the corner. It is too late for SDMI. Even if SDMI were finalized in a year, which is being optimistic, the range of MP3 applications for digital audio encoding, distribution, and listening would prove far more compelling to the consumer than an investment in new technology for the explicit purpose of restricting their access to music. Microsoft, with a very capable format already released (read my review!) is going to have a very hard battle as is convincing the consumer to use MS Audio instead of MP3. SDMI wouldn’t stand hardly a chance now, much less any chance in a year.

Ultimately, it’s about the consumers. Right now, they have music in their ears. They’re clicking away, making playlists of their favorite 200 swing music songs or sending their favorite U2 single to their buddies online. You will have a very hard time taking these joys away from them. How about this for a radical change: why not work for your consumers instead of against them?